From 5f486958bfae4e2059a26b947661a60efedd092d Mon Sep 17 00:00:00 2001 From: Kuppuswamy Sathyanarayanan Date: Tue, 10 Feb 2026 16:17:10 -0800 Subject: configfs-tsm-report: Document size limits for outblob attributes The configfs-tsm-report interface can fail with -EFBIG when the attestation report generated by a TSM provider exceeds internal maximums (TSM_REPORT_OUTBLOB_MAX). However, this error condition and its handling are not currently documented in the ABI. Userspace tools need to understand how to interpret various error conditions when reading attestation reports. Document that reads fail with -EFBIG when reports exceed size limits, with guidance on how to resolve them. Reviewed-by: Fang Peter Signed-off-by: Kuppuswamy Sathyanarayanan Link: https://patch.msgid.link/20260211001712.1531955-2-sathyanarayanan.kuppuswamy@linux.intel.com Signed-off-by: Dan Williams --- Documentation/ABI/testing/configfs-tsm-report | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'Documentation') diff --git a/Documentation/ABI/testing/configfs-tsm-report b/Documentation/ABI/testing/configfs-tsm-report index 534408bc1408..ca3352cfd2f1 100644 --- a/Documentation/ABI/testing/configfs-tsm-report +++ b/Documentation/ABI/testing/configfs-tsm-report @@ -17,6 +17,12 @@ Description: where the implementation is conveyed via the @provider attribute. + This interface fails reads and sets errno to EFBIG when the + report generated by @provider exceeds the configfs-tsm-report + internal maximums. Contact the platform provider for the + compatible security module, driver, and attestation library + combination. + What: /sys/kernel/config/tsm/report/$name/auxblob Date: October, 2023 KernelVersion: v6.7 
@@ -31,6 +37,9 @@ Description: Standardization v2.03 Section 4.1.8.1 MSG_REPORT_REQ. https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf + See "EFBIG" comment in the @outblob description for potential + error conditions. + What: /sys/kernel/config/tsm/report/$name/manifestblob Date: January, 2024 KernelVersion: v6.10 @@ -43,6 +52,9 @@ Description: See 'service_provider' for information on the format of the manifest blob. + See "EFBIG" comment in the @outblob description for potential + error conditions. + What: /sys/kernel/config/tsm/report/$name/provider Date: September, 2023 KernelVersion: v6.7 -- cgit v1.2.3 From 43185067c6fd55b548ecb648a69d9569fcf622b5 Mon Sep 17 00:00:00 2001 From: Kuppuswamy Sathyanarayanan Date: Tue, 10 Feb 2026 16:17:12 -0800 Subject: configfs-tsm-report: tdx_guest: Increase Quote buffer size to 128KB Intel platforms are transitioning from traditional SGX-based attestation toward DICE-based attestation as part of a broader move toward open and standardized attestation models. DICE enables layered and extensible attestation, where evidence is accumulated across multiple boot stages. With SGX-based attestation, Quote sizes are typically under 8KB, as the payload consists primarily of Quote data and a small certificate bundle. Existing TDX guest code sizes the Quote buffer accordingly. DICE-based attestation produces significantly larger Quotes due to the inclusion of evidence (certificate chains) from multiple boot layers. The cumulative Quote size can reach approximately 100KB. Increase GET_QUOTE_BUF_SIZE to 128KB to ensure sufficient buffer capacity for DICE-based Quote payloads. Reviewed-by: Fang Peter Signed-off-by: Kuppuswamy Sathyanarayanan Link: https://patch.msgid.link/20260211001712.1531955-4-sathyanarayanan.kuppuswamy@linux.intel.com Signed-off-by: Dan Williams --- Documentation/ABI/testing/configfs-tsm-report | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'Documentation') 
diff --git a/Documentation/ABI/testing/configfs-tsm-report b/Documentation/ABI/testing/configfs-tsm-report index ca3352cfd2f1..7a6a5045a7d5 100644 --- a/Documentation/ABI/testing/configfs-tsm-report +++ b/Documentation/ABI/testing/configfs-tsm-report @@ -73,6 +73,10 @@ Description: Library Revision 0.8 Appendix 4,5 https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_TDX_DCAP_Quoting_Library_API.pdf + Intel TDX platforms with DICE-based attestation use CBOR Web Token + (CWT) format for the Quote payload. This is indicated by the Quote + size exceeding 8KB. + What: /sys/kernel/config/tsm/report/$name/generation Date: September, 2023 KernelVersion: v6.7 -- cgit v1.2.3
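Review bot: in the first patch's hunk at @@ -17,6 +17,12 the new EFBIG paragraph refers to "the configfs-tsm-report internal maximums" without naming or quantifying them, so a userspace author cannot tell from the ABI text how large a report may be. The commit message names TSM_REPORT_OUTBLOB_MAX; consider mentioning that constant here, or stating that the limit depends on the kernel version. "Contact the platform provider for the compatible security module, driver, and attestation library combination" also gives the reader nothing to act on for the running system; it would help to say whether a retried read can ever succeed or whether the failure is permanent for that provider and kernel.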
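Review bot: in the first patch's hunk at @@ -31,6 +37,9 the auxblob entry defers to the @outblob description for EFBIG, but the commit message names only TSM_REPORT_OUTBLOB_MAX and the subject speaks of "outblob attributes". Please state whether auxblob is bounded by the same maximum as outblob or by its own, so the cross-reference does not leave the limit for this attribute open.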
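Review bot: in the first patch's hunk at @@ -43,6 +52,9 the added cross-reference puts "EFBIG" in double quotes while the context line directly above it uses single quotes ('service_provider'); match the surrounding style. Calling the @outblob text a "comment" also reads oddly in ABI documentation; "EFBIG paragraph" or "EFBIG note" would be clearer, and the same wording is used in the auxblob hunk.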
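Review bot: in the second patch's hunk at @@ -73,6 +73,10 the sentence "This is indicated by the Quote size exceeding 8KB" documents a size threshold as the way to recognise a CWT-format Quote, while the commit message only says SGX-based Quotes are "typically under 8KB". A consumer that selects a parser from the length of the blob is fragile; consider describing the larger size as a consequence of DICE evidence rather than as the indicator, and pointing to a specification for the CWT format the way the preceding context points to the DCAP Quoting Library document. The subject line announces a 128KB GET_QUOTE_BUF_SIZE, which this documentation hunk does not mention; if that is the new ceiling for TDX Quotes, it belongs in the text alongside the EFBIG description.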